Description
The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.
Published: 2026-05-12
Score: n/a
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Adversarial Robustness Toolbox (ART), in versions through 1.20.1, allows an attacker to execute arbitrary Python code during the robustness evaluation of PyTorch models in its Kubeflow component. The evaluation routine passes the user‑supplied LossFn and Optimizer strings to eval() without sanitization, so any Python expression placed in those parameters is executed with the privileges of the process running the evaluation. A crafted string therefore gives the attacker whatever the evaluation job itself can reach: data, model weights, credentials and the host it runs on. The result is a total compromise of confidentiality, integrity and availability for that system.

Affected Systems

The flaw is in the Kubeflow component of the Adversarial Robustness Toolbox (ART); the affected code path is the robustness evaluation function for PyTorch models. Versions up to and including 1.20.1 are affected. No fixed release is listed at the time of publication (see Remediation below), so any environment that runs ART 1.20.1 or earlier and lets untrusted parties supply the LossFn or Optimizer parameters to that evaluation path is at risk.

Risk and Exploitability

The vulnerability is a remote code execution flaw and should be treated as high severity even though no CVSS score or EPSS value has been published. No exploit skill is required: eval() on an unvalidated string means anyone who can submit a LossFn or Optimizer value through the Kubeflow evaluation interface can run arbitrary Python. The CVE is not yet catalogued in CISA’s KEV list, but that reflects the absence of reported exploitation, not a lower impact. The risk remains high until the eval() call is removed, or replaced by a lookup against a fixed allowlist of known callables.

Generated by OpenCVE AI on May 12, 2026 at 17:45 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade to a release of the Adversarial Robustness Toolbox newer than 1.20.1 that removes the eval() usage, or apply the vendor’s official hot‑fix, once either is published; no fixed version was available at the time of writing.
  • If upgrading is impossible, do not attempt to sanitize the LossFn and Optimizer strings before eval(): filtering eval() input is not a reliable control. Instead, treat the strings purely as names and resolve them through a fixed mapping of known loss functions and optimizers, rejecting anything that is not an exact key.
  • Disable or isolate the Kubeflow component in ART if it is not required, and run the evaluation in a tightly controlled container (non‑root, no unneeded secrets mounted, restricted network egress) so that a successful payload is contained.
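The following is an added example, not ART's code and not the vendor's fix. It shows the pattern the advisory describes (a caller's string handed to eval() to pick a loss function or optimizer), why a denylist "sanitizer" does not save it, and the allowlist lookup recommended above. The component classes, registries, `resolve_unsafe`, `resolve_safe` and `demo` are hypothetical stand-ins; a real fix would register the actual torch.nn and torch.optim classes in the registries.

```python
"""Added example (not ART's code): the eval() pattern behind CVE-2026-31228
and the allowlist lookup that removes it. All names here are hypothetical."""
from typing import Callable, Dict, List


class CrossEntropyLoss:  # constructed stand-in for torch.nn.CrossEntropyLoss
    pass


class SGD:  # constructed stand-in for torch.optim.SGD
    pass


# Allowlists: the only components a caller may select, keyed by exact name.
LOSS_FNS: Dict[str, Callable] = {"CrossEntropyLoss": CrossEntropyLoss}
OPTIMIZERS: Dict[str, Callable] = {"SGD": SGD}

# Sentinel the demo payload writes to, so "code ran" is provable without
# touching the OS (a real attacker would use __import__('os').system(...)).
EXECUTED: List[str] = []

DENYLIST = ("import", "os", "sys", "open", "exec", "subprocess")


def resolve_unsafe(expr: str):
    """Vulnerable pattern: the caller-controlled string is evaluated as Python."""
    return eval(expr)  # this is the bug, kept on purpose for the demo


def sanitize_denylist(expr: str) -> str:
    """Tempting but wrong mitigation: block a few scary substrings."""
    lowered = expr.lower()
    for bad in DENYLIST:
        if bad in lowered:
            raise ValueError(f"blocked token {bad!r}")
    return expr


def resolve_safe(name: str, registry: Dict[str, Callable]) -> Callable:
    """Hardened pattern: the string is only ever a dictionary key, never code."""
    if not isinstance(name, str) or not name.isidentifier():
        raise ValueError(f"invalid component name: {name!r}")
    try:
        return registry[name]
    except KeyError:
        raise ValueError(
            f"unknown component {name!r}; allowed: {sorted(registry)}"
        ) from None


def rejects(name: str, registry: Dict[str, Callable]) -> bool:
    """True if the hardened resolver refuses `name`."""
    try:
        resolve_safe(name, registry)
        return False
    except ValueError:
        return True


def demo() -> Dict[str, bool]:
    """Run the three scenarios and report what happened."""
    EXECUTED.clear()
    # 1. Vulnerable path: the payload runs and still returns a plausible
    #    object, so the evaluation proceeds and nothing looks wrong.
    loss = resolve_unsafe("EXECUTED.append('pwned') or CrossEntropyLoss")
    # 2. Denylist "sanitization": no blocked token is present, yet the
    #    expression walks the object graph, the classic route to a shell.
    leaked = resolve_unsafe(
        sanitize_denylist("().__class__.__base__.__subclasses__()")
    )
    # 3. Allowlist lookup: known names resolve, everything else is refused.
    return {
        "unsafe_returned_loss": loss is CrossEntropyLoss,
        "unsafe_executed_payload": EXECUTED == ["pwned"],
        "denylist_bypassed": isinstance(leaked, list) and len(leaked) > 0,
        "safe_loss": resolve_safe("CrossEntropyLoss", LOSS_FNS) is CrossEntropyLoss,
        "safe_opt": resolve_safe("SGD", OPTIMIZERS) is SGD,
        "safe_rejects_payload": rejects("__import__('os').system('id')", LOSS_FNS),
        "safe_rejects_wrong_registry": rejects("CrossEntropyLoss", OPTIMIZERS),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

Two points worth noting: the vulnerable resolver returns a perfectly valid loss class after the payload has run, so the attack leaves no functional trace in the evaluation result; and the denylist case passes a "clean" string that still reaches every loaded class via `__subclasses__()`, which is why the recommended action is an exact-key lookup rather than string filtering.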



Advisories

No advisories yet.

History

Tue, 12 May 2026 18:00:00 +0000

Type         Values Removed   Values Added
Title        (none)           Remote Code Execution via Unsanitized eval in ART Kubeflow Component
Weaknesses   (none)           CWE-94

Tue, 12 May 2026 16:00:00 +0000

Type         Values Removed   Values Added
Description  (none)           The Adversarial Robustness Toolbox (ART) thru 1.20.1 contains a remote code execution vulnerability in its Kubeflow component. The robustness evaluation function for PyTorch models uses the unsafe eval() function to dynamically evaluate user-supplied strings for the LossFn and Optimizer parameters without any sanitization or security restrictions. An attacker can exploit this by providing a specially crafted string that contains arbitrary Python code, which will be executed when eval() is called, leading to complete compromise of the system running the ART evaluation.
References   (none)           (none)


MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-05-12T15:20:10.746Z

Reserved: 2026-03-09T00:00:00.000Z

Link: CVE-2026-31228

Vulnrichment

No data.

NVD

Status : Received

Published: 2026-05-12T16:16:14.633

Modified: 2026-05-12T16:16:14.633

Link: CVE-2026-31228

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-12T17:45:20Z

Weaknesses